chiefy / vaulted

nodejs based wrapper for HashiCorp's Vault HTTP API
https://chiefy.github.io/vaulted
MIT License

Feature Proposal: Add support for Consul backend #5

Closed kenjones-cisco closed 8 years ago

kenjones-cisco commented 8 years ago

Support the APIs defined for Consul within Vault: https://www.vaultproject.io/docs/secrets/consul/index.html

Provide optional integration through package (https://www.npmjs.com/package/consul) to enable obtaining a management token for use within Vault to manage ACLs using a Consul backend.

I'm planning to create the above, and if there is interest I'll create a pull request once I have it completed, as this is a need I have for my current project. Feedback welcome.

chiefy commented 8 years ago

:+1: @kenjones-cisco absolutely. I added you as a collaborator, and I really want to spend more time on this project in the next few months. Thanks for helping out!

kenjones-cisco commented 8 years ago

Great! Just about done with it. Got one test case that is fighting me ;-)

kenjones-cisco commented 8 years ago

I created a branch (https://github.com/chiefy/vaulted/tree/feature/consul) that includes all the work so far.

The one aspect that is not working as expected is the use of /consul/creds/ as it indicates that no role exists even though I can validate that the role does exist using /consul/roles/. I'm pretty sure the root cause is related to missing a step in the expected flow within Vault.

As you will notice, I added a Vagrantfile for setting up a common environment. The authstore/ directory provides a containerized setup for running vault and consul together.

As indicated in the commit message, I made a change to init and included an internal that will make it possible to back up and recover the internal state currently only available within instance variables.

Take a look and let me know what you think.

chiefy commented 8 years ago

Thanks @kenjones-cisco, I will check it out ASAP.

kenjones-cisco commented 8 years ago

Possible root cause of challenges.

https://github.com/hashicorp/vault/issues/872

kenjones-cisco commented 8 years ago

Making changes to the test cases, when using a Consul storage backend, to make sure it is ready has allowed a workaround to the previous issue.

kenjones-cisco commented 8 years ago

The current blocking issue is being unable to generate a token from Vault when using Consul as a secrets backend:

https://github.com/hashicorp/vault/issues/875